<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Users</title>
</head>
<body bgcolor="#ffffff">
	<h1>Users</h1>
	<p>
		Users are the ZAP representations of websites/webapps' users. They
		allow certain actions to be performed from the point of view of an
		user of the webapps. For each <b><a href="contexts.html">Context</a></b>,
		a set of Users can be defined, which can then be used in actions
		related to the context. Most commonly, during various scans the
		request messages can be sent from the point of view of a User.
	</p>

	<p>
		The concept of Users is tightly tied to the concepts of <a
			href="sessionManagement.html">Session Management</a> and <a
			href="authentication.html">Authentication</a>. When a User is first
		used somewhere in ZAP, an authentication is performed (according to
		the Authentication Method defined for the Context) and a Session is
		created and configured for this user (according to the Session
		Management defined for the Context). After that, requests sent from
		the point of view of a User are modified (if necessary) and sent in
		such a way that the web server identifies them as being sent by an
		authenticated webapp/website user. If anytime a message is sent from
		the perspective of a User and the response received seems
		unauthenticated (as identified using the <i>Logged In</i> and <i>Logged
			Out</i> <a href="authentication.html">Authentication indicators</a>), a new
		authentication is performed and the Session is updated accordingly.
	</p>

	<p>In order to perform the authentication of a user on a website /
		in a webapp, the Authentication Method defines how the authentication
		is done (the process), while the necessary credentials (the exact
		identifiers) are dependent on the user, so, in ZAP, they are
		configured in the Users.</p>

	<h2>Configured via</h2>
	<table>
		<tr>
			<td>&nbsp;&nbsp;&nbsp;&nbsp;</td>
			<td><a href="../../ui/dialogs/session/contexts.html#users">Session
					Contexts Dialog</a></td>
			<td></td>
		</tr>
	</table>

	<h2>See also</h2>
	<table>
		<tr>
			<td>&nbsp;&nbsp;&nbsp;&nbsp;</td>
			<td><a href="https://youtu.be/cR4gw-cPZOA">Youtube tutorial</a></td>
			<td>of the Authentication, Session Management and Users Management features of ZAP [external link to https://youtu.be/cR4gw-cPZOA].</td>
		</tr>
		<tr>
			<td>&nbsp;&nbsp;&nbsp;&nbsp;</td>
			<td><a href="authentication.html">Authentication Overview</a></td>
			<td>for an overview of Authentication in ZAP</td>
		</tr>
		<tr>
			<td>&nbsp;&nbsp;&nbsp;&nbsp;</td>
			<td><a href="../../ui/overview.html">UI Overview</a></td>
			<td>for an overview of the user interface</td>
		</tr>
		<tr>
			<td>&nbsp;&nbsp;&nbsp;&nbsp;</td>
			<td><a href="concepts.html">Features</a></td>
			<td>provided by ZAP</td>
		</tr>
		<tr>
			<td>&nbsp;&nbsp;&nbsp;&nbsp;</td>
			<td><a href="../../ui/dialogs/session/contexts.html">Session
					Contexts Dialog</a></td>
			<td>for an overview of the Session Properties</td>
		</tr>

	</table>

</body>
</html>
